CVE-2025-1272Missing Authentication for Critical Function in Project Fedora Linux

CWE-306Missing Authentication for Critical Function6 documents6 sources
Severity
7.7HIGHNVD
EPSS
0.0%
top 99.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fedora Project Fedora LinuxDebian Linux
Timeline
PublishedFeb 18

Description

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages2 packages

CVEListV5fedora_project/fedora_linux6.12.4-100.fc406.12.15-100.fc40+1
debiandebian/linux

🔴Vulnerability Details

2
GHSA
GHSA-xj75-gfvf-4g86: The Linux Kernel lockdown mode for kernel versions starting on 62026-02-18
OSV
CVE-2025-1272: The Linux Kernel lockdown mode for kernel versions starting on 62026-02-18

📋Vendor Advisories

2
Red Hat
kernel: Secure Boot does not automatically enable kernel lockdown2025-02-13
Debian
CVE-2025-1272: linux - The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above fo...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-1272 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-1272 — Project Fedora Linux vulnerability | cvebase